freeipa

Clone
Source Code
GIT

#5573 In IPA-AD trust environment some secondary IPA based Posix groups are missing
Closed: Fixed None Opened 8 years ago by pvoborni.

Closed: Fixed
Reopen Issue

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1292595

Please note that this Bug is private and may not be accessible as it contains confidential Red Hat customer information.

Description of problem:

Logging in as an AD user most/a lot of times, some secondary IPA based Posix
groups are missing.
Doing some debugging the sssd_pac.log shows:

(Mon Dec 14 18:34:13 2015) [sssd[pac]] [pac_user_get_grp_info] (0x2000): Group
with SID [S-1-5-21-obfuscated] is not in the PAC
anymore, membership must be removed.
(Mon Dec 14 18:34:13 2015) [sssd[pac]] [pac_user_get_grp_info] (0x2000): Group
with SID [S-1-5-21-obfuscated] is not in the PAC
anymore, membership must be removed.



Version-Release number of selected component (if applicable):
ipa-4.2.0-15.el7_2.3

How reproducible:
At random interval using AD trust users and IPA client 7.2 or 6.7

Steps to Reproduce:
1.
2.
3.

Actual results:
intermittently some groups are not shown for membership of AD users

Expected results:
AD user group membership should be reported all the time.

Aligning the ticket with BZ.

master:

  • 348c400 ipa-kdb: map_groups() consider all results

ipa-4-3:

  • d6e8174 ipa-kdb: map_groups() consider all results

ipa-4-2:

  • d70c86f ipa-kdb: map_groups() consider all results

Metadata Update from @pvoborni:
- Issue assigned to sbose
- Issue set to the milestone: FreeIPA 4.2.4
7 years ago

Login to comment on this ticket.

Metadata
None
None
None
normal
None
None
None
None
defect
None
None
IPA
None
1
None
None
None
None
https://bugzilla.redhat.com/show_bug.cgi?id=1292595
None
None
None
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.